On ti, 23 touko 2017, Prasun Gera via FreeIPA-users wrote:
I posted this in the earlier thread, but didn't get a response. I was able
to fix this on the master, but "getcert list -d /etc/httpd/alias -n
"Server-Cert" on the replica doesn't return anything. Are the replica's SSL
certs handled differently ?
I don't think there is any difference, not at least code-wise, for how
HTTP service certificate is tracked in the case of IPA CA.

In case of a replica promotion a request to issue HTTP service
certificate is routed to the original IPA CA master (because the one we
will have on the replica itself is not yet here). Either way, certmonger
is set to track the same Server-Cert certificate in /etc/httpd/alias
during server upgrade process that is one of the last steps when replica
is installed.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to